[Freeipa-devel] [PATCH] 401 Require new samba and krb5
Require samba 4.0.5 (passdb API changed). Make sure that we use the right epoch number with samba so that the Requires is correctly enforced. Require krb5 1.11.2-1 to fix missing PAC issue. --- This patch makes sure we have the right dependencies in Fedora 19 (and Fedora 18 too for the samba one). Martin From 75a8ba7eb560007c69f5df937daa554093fce75b Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Tue, 16 Apr 2013 09:44:28 +0200 Subject: [PATCH] Require new samba and krb5 Require samba 4.0.5 (passdb API changed). Make sure that we use the right epoch number with samba so that the Requires is correctly enforced. Require krb5 1.11.2-1 to fix missing PAC issue. --- freeipa.spec.in | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 7e9e994052bf32a7e2349adfbb932401bfd7f93e..3e71aa638cb1518a132a429518f3f1ad040cfadc 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -23,7 +23,7 @@ BuildRequires: /usr/share/selinux/devel/Makefile BuildRequires: policycoreutils = %{POLICYCOREUTILSVER} BuildRequires: systemd-units %if 0%{?fedora} = 18 -BuildRequires: samba-devel = 4.0.0-150 +BuildRequires: samba-devel = 2:4.0.5-1 BuildRequires: samba-python BuildRequires: libwbclient-devel %else @@ -98,7 +98,7 @@ Requires: openldap-clients Requires: nss Requires: nss-tools %if 0%{?krb5_dal_version} = 4 -Requires: krb5-server = 1.11 +Requires: krb5-server = 1.11.2-1 %else %if 0%{krb5_dal_version} == 3 # krb5 1.11 bumped DAL interface major version, a rebuild is needed @@ -194,7 +194,7 @@ Requires: %{name}-server = %version-%release Requires: m2crypto %if 0%{?fedora} = 18 Requires: samba-python -Requires: samba +Requires: samba = 2:4.0.5-1 Requires: samba-winbind %else Requires: samba4-python @@ -794,6 +794,10 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Mon Apr 15 2013 Martin Kosek mko...@redhat.com - 3.1.99-6 +- Require samba 4.0.5, includes new passdb API +- Require krb5 1.11.2-1, fixes missing PAC issue + * Fri Apr 5 2013 Rob Crittenden rcrit...@redhat.com - 3.1.99-5 - Add backup and restore - Own /var/lib/ipa/backup -- 1.8.1.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 401 Require new samba and krb5
On 04/16/2013 01:16 PM, Martin Kosek wrote: Require samba 4.0.5 (passdb API changed). Make sure that we use the right epoch number with samba so that the Requires is correctly enforced. Require krb5 1.11.2-1 to fix missing PAC issue. --- This patch makes sure we have the right dependencies in Fedora 19 (and Fedora 18 too for the samba one). Martin Squashing a fix for backup dir permissions. Martin From 442543a4d76b00bf5a58c6817363c24cc70ea27f Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Tue, 16 Apr 2013 09:44:28 +0200 Subject: [PATCH] Require new samba and krb5 Require samba 4.0.5 (passdb API changed). Make sure that we use the right epoch number with samba so that the Requires is correctly enforced. Require krb5 1.11.2-1 to fix missing PAC issue. Also fix backup dir permissions. --- freeipa.spec.in | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 7e9e994052bf32a7e2349adfbb932401bfd7f93e..9448a4b485f4bd638b6e080926febbf772839ca8 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -23,7 +23,7 @@ BuildRequires: /usr/share/selinux/devel/Makefile BuildRequires: policycoreutils = %{POLICYCOREUTILSVER} BuildRequires: systemd-units %if 0%{?fedora} = 18 -BuildRequires: samba-devel = 4.0.0-150 +BuildRequires: samba-devel = 2:4.0.5-1 BuildRequires: samba-python BuildRequires: libwbclient-devel %else @@ -98,7 +98,7 @@ Requires: openldap-clients Requires: nss Requires: nss-tools %if 0%{?krb5_dal_version} = 4 -Requires: krb5-server = 1.11 +Requires: krb5-server = 1.11.2-1 %else %if 0%{krb5_dal_version} == 3 # krb5 1.11 bumped DAL interface major version, a rebuild is needed @@ -194,7 +194,7 @@ Requires: %{name}-server = %version-%release Requires: m2crypto %if 0%{?fedora} = 18 Requires: samba-python -Requires: samba +Requires: samba = 2:4.0.5-1 Requires: samba-winbind %else Requires: samba4-python @@ -691,7 +691,7 @@ fi %attr(755,root,root) %{plugin_dir}/libipa_dns.so %attr(755,root,root) %{plugin_dir}/libipa_range_check.so %dir %{_localstatedir}/lib/ipa -%attr(755,root,root) %dir %{_localstatedir}/lib/ipa/backup +%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/backup %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysupgrade %attr(755,root,root) %dir %{_localstatedir}/lib/ipa/pki-ca @@ -794,6 +794,11 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Mon Apr 15 2013 Martin Kosek mko...@redhat.com - 3.1.99-6 +- Require samba 4.0.5, includes new passdb API +- Require krb5 1.11.2-1, fixes missing PAC issue +- Change permissions on backup dir to 700 + * Fri Apr 5 2013 Rob Crittenden rcrit...@redhat.com - 3.1.99-5 - Add backup and restore - Own /var/lib/ipa/backup -- 1.8.1.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 401 Require new samba and krb5
On 04/16/2013 01:16 PM, Martin Kosek wrote: Require samba 4.0.5 (passdb API changed). Make sure that we use the right epoch number with samba so that the Requires is correctly enforced. Require krb5 1.11.2-1 to fix missing PAC issue. --- This patch makes sure we have the right dependencies in Fedora 19 (and Fedora 18 too for the samba one). Martin I've tested on f19 with Kerberos from Koji, and got the following test failure in test_cmdline/test_ipagetkeytab.py, test_2_run: == FAIL: Create a keytab with `ipa-getkeytab` for an existing service. -- Traceback (most recent call last): File /usr/lib/python2.7/site-packages/nose/case.py, line 197, in runTest self.test(*self.arg) File /home/pviktori/freeipa/tests/test_cmdline/test_ipagetkeytab.py, line 110, in test_2_run assert err == 'Keytab successfully retrieved and stored in: %s\n' % self.keytabname AssertionError The command works, the test fails because it doesn't expect warnings about Camellia on stderr. I assume they're benign? Failed to retrieve encryption type Camellia-128 CTS mode with CMAC (#25) Failed to retrieve encryption type Camellia-256 CTS mode with CMAC (#26) Keytab successfully retrieved and stored in: /tmp/tmpvLHm7l On f18 my smoke testing is going fine. -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 401 Require new samba and krb5
Petr Viktorin wrote: On 04/16/2013 01:16 PM, Martin Kosek wrote: Require samba 4.0.5 (passdb API changed). Make sure that we use the right epoch number with samba so that the Requires is correctly enforced. Require krb5 1.11.2-1 to fix missing PAC issue. --- This patch makes sure we have the right dependencies in Fedora 19 (and Fedora 18 too for the samba one). Martin I've tested on f19 with Kerberos from Koji, and got the following test failure in test_cmdline/test_ipagetkeytab.py, test_2_run: == FAIL: Create a keytab with `ipa-getkeytab` for an existing service. -- Traceback (most recent call last): File /usr/lib/python2.7/site-packages/nose/case.py, line 197, in runTest self.test(*self.arg) File /home/pviktori/freeipa/tests/test_cmdline/test_ipagetkeytab.py, line 110, in test_2_run assert err == 'Keytab successfully retrieved and stored in: %s\n' % self.keytabname AssertionError The command works, the test fails because it doesn't expect warnings about Camellia on stderr. I assume they're benign? Failed to retrieve encryption type Camellia-128 CTS mode with CMAC (#25) Failed to retrieve encryption type Camellia-256 CTS mode with CMAC (#26) Keytab successfully retrieved and stored in: /tmp/tmpvLHm7l On f18 my smoke testing is going fine. Yes, looks like new ciphers were added that we don't have enabled by default in IPA. The patch looks ok to me, ACK. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 401 Require new samba and krb5
Rob Crittenden wrote: Petr Viktorin wrote: On 04/16/2013 01:16 PM, Martin Kosek wrote: Require samba 4.0.5 (passdb API changed). Make sure that we use the right epoch number with samba so that the Requires is correctly enforced. Require krb5 1.11.2-1 to fix missing PAC issue. --- This patch makes sure we have the right dependencies in Fedora 19 (and Fedora 18 too for the samba one). Martin I've tested on f19 with Kerberos from Koji, and got the following test failure in test_cmdline/test_ipagetkeytab.py, test_2_run: == FAIL: Create a keytab with `ipa-getkeytab` for an existing service. -- Traceback (most recent call last): File /usr/lib/python2.7/site-packages/nose/case.py, line 197, in runTest self.test(*self.arg) File /home/pviktori/freeipa/tests/test_cmdline/test_ipagetkeytab.py, line 110, in test_2_run assert err == 'Keytab successfully retrieved and stored in: %s\n' % self.keytabname AssertionError The command works, the test fails because it doesn't expect warnings about Camellia on stderr. I assume they're benign? Failed to retrieve encryption type Camellia-128 CTS mode with CMAC (#25) Failed to retrieve encryption type Camellia-256 CTS mode with CMAC (#26) Keytab successfully retrieved and stored in: /tmp/tmpvLHm7l On f18 my smoke testing is going fine. Yes, looks like new ciphers were added that we don't have enabled by default in IPA. The patch looks ok to me, ACK. pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel